In order to protect users using the World Wide Web (WWW) from malicious Web sites and malicious Web contents, filtering is conducted. By use of blacklists indicating URLs (malicious URLs) of malicious Web sites and malicious Web contents, filtering prevents access to the URLs and fully qualified domain names (FQDNs, host names of servers) included in these lists. Blacklists used in this filtering are generated by organizations, such as antivirus vendors, from their unique perspectives (see Non-Patent Literature 1).
Attackers sometimes partially change character strings of their URLs in order to avoid the URLs becoming targets to be filtered. For example, they may change “http://www.example.com/index1.html” to “http://www.example.com/index2.html”. Thus, in order to make a character string of a URL a target to be filtered even if the character string is partially changed like this, a technique has been proposed, in which any Web contents existing on the same FQDN are regarded as those of a URL similar to a malicious URL and made a target to be filtered.